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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on March 
29, 2006 has been entered. 

2. Claims 1 , and 22-28 are currently pending, claim 1 is currently amended, and 
claims 2-21 are cancelled, and 22-28 are newly added. 

Response to Arguments 

3. Applicant's arguments filed March 29, 2006 have been fully considered but they 
are not persuasive for the following reasons: 

Regarding claim 1, the Applicant argues that the Cited Prior Art (CPA), Holloway 
et al. (U.S. Patent No. 5,805,801 ) in view of Sofer et al. (U.S. Patent No. 5,489,896), 
does not teach the use of "access vectors." The Examiner gives the claims and the 
term, "access vectors," the broadest reasonable interpretation in light of the 
specification. The specification states that the access vectors are bit vectors that are 
compared to allow access to a destination MAC address. Claim 1 states that the 
access vectors correspond to the MAC destination and source address. It is asserted 
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that based on the broadest reasonable interpretation, the list of authorized MAC 
addresses of Holloway (column 3 lines 4-16), is analogous to the access vectors as 
delineated by claim 1 . 

Therefore, the rejection is given below for the pending claims 1 , and 22-28using 
the CPA. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-21 are rejected under 35 U.S.C. 103(a) as being anticipated by 
Holloway et al. US (5,805,801 ) in view of Sofer et al. US (5,489,896), 

As per claim 1 : Holloway discloses A MAC (media access control) address based 
communication restricting method using access vectors stored in address tables, 
wherein the access vectors indicate whether two nodes, corresponding to a MAC 
source address and a MAC destination address, may access each other, (Col 3, lines 
15-16) the method comprising the steps of: Receiving packet data upon request of 
communication through at least one port of a plurality of ports of an Ethernet switch 
(Coll 6, lines 27-30); Holloway teaches obtaining the destination MAC addresses 
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through the discovery phase (item 145 of FIG. 10 and item 131 of FIG 1 1) but Holloway 
doesn't explicitly teach Reading a MAC destination address and a MAC source address 
included in the received packet data. However Sofer discloses a MAC address-based 
communication access control method (Col 3, lines 49-52). Where he teaches the using 
of a MAC address stripper to extract the source and destination MAC addresses from a 
packet Col 4, lines 13-22). therefore it would have been obvious to one ordinary skilled 
in the art at the time the invention was made to modify Holloway's invention with the 
teachings of Sofer to include a MAC stripper to extract the MAC destination and source 
addresses from the received packets. One would be motivated to do so in order to 
provide the system with ability to determine where did the packet come form and where 
the packet is headed to and if it's headed to a protected destination. Detecting In an 
address table, access vectors corresponding to the MAC destination and source 
address (FIG 6 and Col 9, Lines 49-51 with Col 3, lines 7-9 ! Holloway teaches using 
combination of data structures AAL (access authorization List) and ICD (interconnected 
device list) the ICD will contain information on connected MAC addresses to the specific 
Managed hub while the AAL will contain the security access control information for each 
device. The combination of those two will perform the same function as the address 
table) Denying access if the access vectors of the MAC destination and source 
addresses are not matched (Col 3, Lines 9-1 1 ; if the managed hub detects an 
unauthorized station connecting to the LAN the hub disables the port disabling the port 
on the hub will perform the step of denying access). 
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As per claim 22: Holloway discloses a packet switch communication method, 
comprising the steps of: 

receiving packet data upon request of communication through at least one port of 
a plurality of ports of said packet switch (Coll 6, lines 27-30); 

determining whether said received MAC source address is stored in an address 
table having an access vector indicating whether allowance for access of client nodes is 
made or not, wherein each client node is identified by at least corresponding MAC 
address (item 132 of FIG 11 and Col 11 lines 14-16); 

when it is determined that said MAC source address is stored in said address 
table, determining whether an access vector corresponding to said received MAC 
destination address is matched with an access vector corresponding to said received 
MAC source address, wherein both of the access vectors are stored in said address 
table (Col 11, lines 46-50); 

if the access vectors corresponding to said received MAC destination and source 
addresses are matched, transmitting said received packet data to a MAC destination 
address (Col 3, Lines 9-11); and 

denying access if said access vectors of said received MAC destination and 
source addresses are not matched (Col 3, Lines 9-1 1 ; if the managed hub detects an 
unauthorized station connecting to the LAN the hub disables the port disabling the port 
on the hub will perform the step of denying access). 
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Holloway teaches obtaining the destination MAC addresses through the 
discovery phase (item 145 of FIG. 10 and item 131 of FIG 1 1) but Holloway doesn't 
explicitly teach Reading a MAC destination address and a MAC source address 
included in the received packet data. However Sofer discloses a MAC address-based 
communication access control method (Col 3, lines 49-52). Where he teaches the using 
of a MAC address stripper to extract the source and destination MAC addresses from a 
packet Col 4, lines 13-22). therefore it would have been obvious to one ordinary skilled 
in the art at the time the invention was made to modify Holloway's invention with the 
teachings of Sofer to include a MAC stripper to extract the MAC destination and source 
addresses from the received packets. One would be motivated to do so in order to 
provide the system with ability to determine where did the packet come form and where 
the packet is headed to and if it's headed to a protected destination. Detecting In an 
address table, access vectors corresponding to the MAC destination and source 
address (FIG 6 and Col 9, Lines 49-51 with Col 3, lines 7-9 ! Holloway teaches using 
combination of data structures AAL (access authorization List) and ICD (interconnected 
device list) the ICD will contain information on connected MAC addresses to the specific 
Managed hub while the AAL will contain the security access control information for each 
device. The combination of those two will perform the same function as the address 
table) Denying access if the access vectors of the MAC destination and source 
addresses are not matched (Col 3, Lines 9-11; if the managed hub detects an 
unauthorized station connecting to the LAN the hub disables the port disabling the port 
on the hub will perform the step of denying access). 
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As per claim 23: Holloway discloses the method as set forth in claim 22, further 
comprising the steps of: 

configuring an anti-hacker table comprising information pertaining to a plurality of 
the client nodes and a plurality of server nodes of a network, wherein each server node 
is identified by at least a corresponding MAC address (Col 7, Lines 7-13 and FIG 7); 

when it is determined that said received MAC source address is not stored in 
said address table, determining whether information corresponding to said received 
MAC source address is stored in said anti-hacker table (item 135 of FIG 11, Col 11 lines 
21-29, item 137 of FIG 11 and Col 11 lines 31-34); and 

when it is determined that said received MAC source address is stored in said 
anti-hacker table, modifying an access vector in said MAC source address to a security 
key, to thereby store the modified address in said address table (item 320 of FIG 13 and 
Col 13 lines 34-36 / setting the filter in Holloway system perform the task of setting 
security by defning which MAC addresses are allowed or denied access to the 
destination MAC addresses). 

As per claim 24: Holloway discloses the method as set forth in claim 23, further 
comprising the steps of: 

adding a port number, corresponding to the port through which said packet data 
was received, to a storage area corresponding to said MAC source address received in 
said anti-hacker table (item 265 of FIG 12 and Col 12 lines 17-20). 
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As per claim 25: Holloway discloses a packet switch communication method, 
comprising the steps of: 

receiving packet data upon request of communication through at least one port of 
a plurality of ports of said packet switch (Col 6, lines 27-30); 

determining whether said received MAC source address is stored in an address 
table having an access vector indicating whether allowance for access of client nodes is 
made or not, wherein each client node is identified by at least corresponding MAC 
address (item 132 of FIG 11 and Col 11 lines 14-16); 

when it is determined that said received MAC source address is not stored in 
said address table determining whether information corresponding to said received 
MAC source address is stored in said anti-hacker table (item 220 of FIG 12 and Col 1 1 , 
lines 62-64); and 

when it is determined that said received MAC source address is stored in an anti- 
hacker table, modifying an access vector in said MAC source address to a security key, 
to thereby store the modified address in the said address table, said anti-hacker table 
comprising information pertaining to a plurality of said client nodes and a plurality of 
server nodes of a network, wherein each server node is identified by at least 
corresponding MAC address (item 320 of FIG 13 and Col 13 lines 34-36 / setting the 
filter in Holloway system perform the task of setting security by defning which MAC 
addresses are allowed or denied access to the destination MAC addresses). 
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Holloway teaches obtaining the destination MAC addresses through the 
discovery phase (item 145 of FIG. 10 and item 131 of FIG 1 1) but Holloway doesn't 
explicitly teach Reading a MAC destination address and a MAC source address 
included in the received packet data. However Sofer discloses a MAC address-based 
communication access control method (Col 3, lines 49-52). Where he teaches the using 
of a MAC address stripper to extract the source and destination MAC addresses from a 
packet Col 4, lines 13-22). therefore it would have been obvious to one ordinary skilled 
in the art at the time the invention was made to modify Holloway's invention with the 
teachings of Sofer to include a MAC stripper to extract the MAC destination and source 
addresses from the received packets. One would be motivated to do so in order to 
provide the system with ability to determine where did the packet come form and where 
the packet is headed to and if it's headed to a protected destination. Detecting In an 
address table, access vectors corresponding to the MAC destination and source 
address (FIG 6 and Col 9, Lines 49-51 with Col 3, lines 7-9 ! Holloway teaches using 
combination of data structures AAL (access authorization List) and ICD (interconnected 
device list) the ICD will contain information on connected MAC addresses to the specific 
Managed hub while the AAL will contain the security access control information for each 
device. The combination of those two will perform the same function as the address 
table) Denying access if the access vectors of the MAC destination and source 
addresses are not matched (Col 3, Lines 9-11; if the managed hub detects an 
unauthorized station connecting to the LAN the hub disables the port disabling the port 
on the hub will perform the step of denying access). 
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As per claim 26: Holloway discloses a MAC (media access control) address-based 
communication restricting packet switch comprising: 

a plurality of MAC ports (Col 4, lines 67 through Col 5, lines line 1); 

a data exchange for establishing paths of packet data between MAC ports; 

a packet memory storing an address table having access vector indicating 
whether allowance for access of client nodes is made or not, wherein each client node 
is identified by at least corresponding MAC address (FIG 6 and Col 9, Lines 49-51 with 
Col 3, lines 7-9) said port table storing information about a current status of the packet 
switch, port attributes and enable/disable, and packet reception completion of each 
MAC port (Col 1 1 , lines 44-50 ) and said address table storing registered MAC 
addresses, destination access vectors corresponding to destination MAC addresses of 
said registered MAC addresses (FIG 6 and Col 9, Lines 49-51 with Col 3, lines 7-9); 

a transmission/reception controller controlling data exchange (Col 5, lines 2-12); 

wherein said transmission/reception transmits said received packet data to a 
MAC destination address when said received MAC source address is stored in said 
address table and if an access vector corresponding to said received MAC source 
address is matched with an access vector corresponding to said received MAC source 
address (Col 3, Lines 9-1 1 ), 

denies access if said access vectors of said received MAC destination and 
source addresses do not match (Col 3, Lines 9-11; if the managed hub detects an 
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unauthorized station connecting to the LAN the hub disables the port disabling the port 
on the hub will perform the step of denying access). 

As per claim 27: Holloway discloses a MAC address-based communication restricting 
packet switch communication method as set forth in claim 26, 

when said received MAC source address is not stored in the address table, and if 
information corresponding to the received MAC source address is stored in an anti- 
hacker table, modifying an access vector in said MAC source address to a security key, 
to thereby store the modified address in the said address table, wherein said anti- 
hacker table comprises information pertaining to a plurality of client nodes and a 
plurality of server nodes, wherein each server node is identified by at least 
corresponding MAC address (item 320 of FIG 13 and Col 13 lines 34-36 / setting the 
filter in Holloway system perform the task of setting security by defning which MAC 
addresses are allowed or denied access to the destination MAC addresses). 

As per claim 28: Holloway discloses a MAC address-based communication restricting 
packet switch communication method as set forth in claim 27, wherein said 
transmission/reception controller adds a port number, corresponding to the MAC port 
through which said data packet was received, to a storage area corresponding to said 
received MAC source address in said anti-hacker table (item 265 of FIG 12 and Col 12 
lines 17-20). 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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